Date:   Tue, 8 Feb 2022 15:32:06 -0800
From:   Kees Cook <keescook@...omium.org>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     x86@...nel.org, joao@...rdrivepizza.com, hjl.tools@...il.com,
        jpoimboe@...hat.com, andrew.cooper3@...rix.com,
        linux-kernel@...r.kernel.org, ndesaulniers@...gle.com,
        samitolvanen@...gle.com
Subject: Re: [RFC][PATCH 2/6] x86: Base IBT bits

On Mon, Nov 22, 2021 at 06:03:03PM +0100, Peter Zijlstra wrote:
> Add Kconfig, Makefile and basic instruction support for x86 IBT.
> 
> Signed-off-by: Peter Zijlstra (Intel) <peterz@...radead.org>
> ---
>  arch/x86/Kconfig           |   10 ++++++++++
>  arch/x86/Makefile          |    5 ++++-
>  arch/x86/include/asm/ibt.h |   40 ++++++++++++++++++++++++++++++++++++++++
>  3 files changed, 54 insertions(+), 1 deletion(-)
> 
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1848,6 +1848,16 @@ config X86_UMIP
>  	  specific cases in protected and virtual-8086 modes. Emulated
>  	  results are dummy.
>  
> +config CC_HAS_IBT
> +	def_bool $(cc-option, -fcf-protection=branch)
> +
> +config X86_IBT
> +	prompt "Indirect Branch Tracking"
> +	bool
> +	depends on X86_64 && CC_HAS_IBT
> +	help
> +	  Increase kernel text size for giggles

How about:

	  For systems that support CET, enable Indirect Branch Tracking,
	  which blocks all JOP and indirect call pointer attacks whose
	  targets are not function entry points (i.e. marked with
	  ENDBR). This also eliminates the use of all of the "misaligned"
	  gadgets that might be reachable in the middle of instructions.

> +
>  config X86_INTEL_MEMORY_PROTECTION_KEYS
>  	prompt "Memory Protection Keys"
>  	def_bool y
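Review bot: The `CC_HAS_IBT` probe tests `-fcf-protection=branch` in isolation, but the real build passes it alongside the retpoline flags, and some GCC releases are reported to reject that combination. The option can therefore be offered on a toolchain that cannot build the kernel with it. Probing the combination instead, for example `def_bool $(cc-option, -fcf-protection=branch -mindirect-branch-register)`, would offer `X86_IBT` only where the full flag set is accepted. A one-line comment above the symbol naming the minimum compiler versions, once known, would help people bisecting build failures.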
> --- a/arch/x86/Makefile
> +++ b/arch/x86/Makefile
> @@ -50,8 +50,11 @@ export BITS
>  #
>  KBUILD_CFLAGS += -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx
>  
> -# Intel CET isn't enabled in the kernel
> +ifeq ($(CONFIG_X86_IBT),y)
> +KBUILD_CFLAGS += $(call cc-option,-fcf-protection=branch)
> +else
>  KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none)
> +endif
>  
>  ifeq ($(CONFIG_X86_32),y)
>          BITS := 32
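Review bot: In the `ifeq ($(CONFIG_X86_IBT),y)` branch the flag is still wrapped in `cc-option`, so a compiler that rejects it drops it silently. The kernel is then built without compiler-emitted ENDBR while the config claims IBT is on. Since `X86_IBT` already depends on `CC_HAS_IBT`, this branch can pass the flag unconditionally, `KBUILD_CFLAGS += -fcf-protection=branch`, so a mismatch between the configured and the actual compiler fails the build instead of weakening the protection. The `else` branch should keep `cc-option`, because `-fcf-protection=none` has to stay optional for compilers without the option. The removed comment could be replaced with `# Emit ENDBR when IBT is configured, otherwise turn CET instrumentation off`.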
> --- /dev/null
> +++ b/arch/x86/include/asm/ibt.h
> @@ -0,0 +1,40 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +#ifndef _ASM_X86_IBT_H
> +#define _ASM_X86_IBT_H
> +
> +#ifdef CONFIG_X86_IBT
> +
> +#ifndef __ASSEMBLY__
> +
> +// XXX note about GAS version required
> +
> +#ifdef CONFIG_X86_64
> +#define ASM_ENDBR	".byte 0xf3, 0x0f, 0x1e, 0xfa\n\t"
> +#else
> +#define ASM_ENDBR	".byte 0xf3, 0x0f, 0x1e, 0xfb\n\t"
> +#endif
> +
> +#else /* __ASSEMBLY__ */
> +
> +#ifdef CONFIG_X86_64
> +#define ENDBR	.byte 0xf3, 0x0f, 0x1e, 0xfa
> +#else
> +#define ENDBR	.byte 0xf3, 0x0f, 0x1e, 0xfb
> +#endif
> +
> +#endif /* __ASSEMBLY__ */
> +
> +#else /* !IBT */
> +
> +#ifndef __ASSEMBLY__
> +
> +#define ASM_ENDBR
> +
> +#else /* __ASSEMBLY__ */
> +
> +#define ENDBR
> +
> +#endif /* __ASSEMBLY__ */
> +
> +#endif /* CONFIG_X86_IBT */
> +#endif /* _ASM_X86_IBT_H */
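Review bot: The `// XXX note about GAS version required` placeholder should be resolved before this is merged, since it is the only explanation of why the macros use raw bytes. A replacement such as `/* endbr64 = f3 0f 1e fa, endbr32 = f3 0f 1e fb; emitted via .byte so assemblers without the mnemonics still build */` would cover it, though the assembler rationale is inferred from the XXX note and needs confirming. Both `#else` arms that define the `0xfb` encoding look unreachable, because `X86_IBT` in this same patch depends on `X86_64`. Either drop them or state in the comment that they are kept for a future 32-bit user. It would also help to document that `ASM_ENDBR` and `ENDBR` expand to nothing when `CONFIG_X86_IBT` is off, so callers can use them unconditionally.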
> 
> 

-- 
Kees Cook
